To get NOPASSWD behavior when using ldap to distribute your sudo records, you need to add a sudo options attribute to the sudo rule in ldap to negate the default authentication requirement.
authenticate:
If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the PASSWD and NOPASSWD tags. This flag is on by default.
To negate it, place a '!' in front of it as the value to a sudo options attribute in ldap.
On Mon, Nov 2, 2015 at 7:02 AM, Todor Petkov <zakk@xxxxxxxxx> wrote:
On 02/11/2015 10:20 AM, Todor Petkov wrote:
Hello,
my bad, I meant that I have added the line in sudoers, but it was not working.
However, I have added the user as "uniquemember" of the group, not
just "gidNumber" and it's OK now.
Thanks.
Hi,
small update:
when the group is with NOPASSWD:ALL, it's not working.
If the user has specific record, it's OK.
I can change the sudoers record with pssh, but if someone can give a hint how to make the group record working, I will appreciate it.
Regards,
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
Alan Willis
Core Infrastructure | Riot Games
For, to speak out once for all, man only plays when in the full meaning of the word he is a man, and he is only completely a man when he plays. - J.C. Friedrich von Schiller - Letters upon the Æsthetic Education of Man
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
